Free AV's

Discussion in 'other anti-virus software' started by Kees1958, Apr 17, 2008.

Thread Status:
Not open for further replies.
  1. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    OK, let me clarify my statement somewhat. First of all, there is no panacea no matter what kind of security software a person is running, and I am fully aware of that. Also, I'm not implying at all that heuristics are useless. All I know is that they haven't done much for me, and I was simply seeking input from others as to their experiences. Also, it is very well known that signature-based scanners are treading water trying to keep up with the hordes of new malware being released onto the net every day. It's becoming harder and harder for AV/AS developers to keep signature databases up to date, and while heuristics do help, it is still very much a crap shoot with any signature-based program. No, HIPS and such programs are not a panacea and most definitely not foolproof, but the chances of them catching a virus or other piece of malware attempting to execute are pretty high. I'm aware that there's a lot of malware out there that doesn't need to necessarily run an executable to infest a system, but programs such as SSM, Prosecurity, Threatfire, etc. are very good at detecting malware that may have been missed through signature and heuristic recognition by the AV/AS. I would be interested in seeing virus testing done with just these kinds of programs running and see if they were capable of detecting as many as the AVs do. If there is a thread where this has been done I'm not aware of it, but would love to read it if there is one. So, the bottom line here is that I'm not being critical of AVs or the heuristics they employ. I was just relating my own experience and asking for input regarding the experience of others. Also, when an AV alerts on a possible malware, do all of the AVs (that employ heuristics) advise you whether it was signature based or heuristics based detection?
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I haven't posted here in a while, so hello again to my fellow members. This website's test I'm a little confused about. I had THOUGHT Avast was a great antivirus program, since past tests showed it as a good performer, plus the recommendations from posters here. However, this 31% or so 0-day detection rate makes them look not so good. BUT, how "make or break" is 0-day detection anyway?

    I'm not really sure I quite understand the term 0-day. I make an assumption from how it is described, that 0-day means something that is released out into the wild right this very moment, or at least sometime today. I understand how heuristics plays a part in it, but for the most part, how does ANY AV detect something and know for sure it's a new virus/malware that is just released out?

    I currently use Avast Free, which, I had been thinking has served me well. Many times it has prevented a website from doing damage and has caught quite a few things during some P2P sessions before the file was completely downloaded (yes, I know, P2P *slaps own hand*). I know Avira in tests seems to be one of the best out there, but, leaving out 0-day stuff, Avast isn't all that far behind.

    I would use Avira Premium (I'm a fan of the web shield idea both they and Avast use), but darn if I'm going to wait around for some forum admin to PM me a trial key just to test his product out. Also, what exactly is the deal with this "demo-mode" that Avira puts itself into? I can download the program, install it, it installs fine, but refuses to update unless I have either the trial key or a paid key? Why put the thing available for download in the first place if it's completely non-functional until that key is had?

    I even tried out Avast Pro, which, while very nice, the script blocking ability is useless to me as it won't work in Firefox and I have to have IE outside SandboxIE to get that to work. My real point is this, IF, covered with Firefox with NoScript, or even IE7 both inside a sandbox with at least a decent AV, how "urgent" is 0-day detection anyway?
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're fine. Don't worry, be happy :)
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Straight to the point and also what I myself suspected. Thank you :)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're welcome :)
    Indeed, Antivir has a higher proactive detection than most AVs, but sandboxing your (fully-patched, including plug-ins like Flash and Java) browsers will prevent almost any drive-by download (i.e. download and execution of an executable without your consent). You're only at risk when you decide to trust some content and run it outside the sandbox.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    0-day is IMO an absurd expression.
    There is a period between the discovery of a new malware AND the updating of your AV and that period is a lot longer than 0 days. That's why I have an anti-change solution to kill new malwares. AVs are always way too late and a behavior blocker is a matter of luck.
     
    Last edited: Apr 21, 2008
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're forgetting about proactive features in AVs/suites:
    - Heuristics and generic signatures.
    - Buffer overflow detection.
    - Sandbox analysis.
    - Runtime behaviour analysis.
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Some people seem to cling to misguided concepts that are much more outdated than they believe antiviruses to be. For those people who still believe that antivirus software can only detect things that vendors have seen before, AND are interested in learning the facts instead of simply recycling the tired old spiels, I suggest you brush up on your general knowledge before posting.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Find me first a scanner that beats my setup and then I will brush up my knowledge, if there is any. So far NOTHING and I ran most of them.
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As I said in my post, my remarks were addressed at people interested in learning the facts instead of recycling outdated and misguided spiel. If you don't fall into that category, by all means feel free to disregard my post.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last observation

    XP box (Comodo FW, Avira 8, DW) is the fastest with Avira 8


    Vista64 box (VFWc, Avast 4,8, Haute Secure) avast is the fastest of the three and seems to have an active guard right from startup (turning icon), while AVG (soon) and Avira (lot later) seem to load and then activate protection on Vista64.

    Anyone having same experiences?
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last observation

    XP box (Comodo FW, Avira 8, DW) is the fastest with Avira 8


    Vista64 box (VFWc, Avast 4,8, Haute Secure) avast is the fastest of the three and seems to have an active guard right from startup (turning icon), while AVG (soon) and Avira (lot later) seem to load and then activate protection on Vista64.

    Anyone having same experiences?
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Tested AVG 8 free today,

    Active shield is up real fast (same as Avast, much faster than Avira). Has a core component without *32 id (meaning 64 bit code). Deselecting Linkscanner gives an error icon (or attention icon with !). Main component spikes up the RAM on average 11-15% with highs up to 40 percent usage (4 GB Dual Core 3,2 Ghz with 4GB ready Boost).

    Startup of IE7 with google screen is slower than with Avast (and Avira). AVG 8 free really has few options (even less than Avira), so can not be tweaked.
    Son's a gamer, so I will fallback to Avast 4.8 again
     
  14. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    The problem with that site is that it doesn't appear to cover false positive scenarios. If you check http://www.av-comparatives.org/ you will see that, while their test is a little old now (Nov 2007), AntiVir generates quite a few false positives, and therefore part of the reason for their heuristic success is that it's very aggressive. However, I do believe AVC turn everything up to max when running those tests and I don't know what AntiVir has as a default for heuristics... I do wish AVC would do a default settings comparison to reflect a more real-world scenario.
     
  15. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    543
    I tried this, but cannot make it work. I don't know why. Anyone tried this and it works?
     
  16. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Avast has very poor detection... I prefer not to use an AV than use Avast. With no AV you know you are not protected but with Avast you think you are protected.

    You can choose Avira (1) or AVG (2) (in the order).
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    At the moment using ThreatFire as free Av on XP and AVG8 on vista64. When you disable the browser helper parts of old linkscanner, the AVG icon still shows okay and browsing is a lot faster.

    TF (now on XP) was Avira, TF and DefenseWall blend nicely
    AVG (now on Vista64) was Avast
     
  18. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    @tiagozt

    What are you basing that on? Certainly no comparison I've ever seen. AV-Comparatives and Virus Bulletin both rate Avast fairly high, certainly comparable to AVG.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    avast! scores 50-60% on average on my samples, compared to AVG's 92-95% and Avira's near-perfect scores. It's nice to see that someone else is confirming my results, because to be honest I have no fricking idea how avast! does so well in the "official" tests.

    Small note about AntiVir: the free edition claims to not detect ad/spyware, but in fact Avira classifies many of the rampant ad/spyware variants today as trojans (TR/Vundo.Gen, DR/Vapsup.Gen, DR/Zlob.Gen, TR/Spy.Gen, et cetera), or catches them using its generic packer detections, and can detect them accordingly.
     
  20. Ximi

    Ximi Infrequent Poster

    Joined:
    May 12, 2008
    Posts:
    40
    Location:
    Estern
    I'm new and I want to use a free AV after purchasing 2 years of McAfee.
    I think AVG would be a good choice, so I think I will give it a chance.;)
     
  21. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Wow! You said everything...

    I can't compare AVs detections because of policy but I can say in my samples Avast detects about 10%...

    But I don't have a website and I don't work for av-comparatives or Virus Bulletin... VB is a joke... I disagree with the tests... The test next to my result is virus.gr and I really don't care about av-comparatives lovers... I don't need to prove that Avast is a joke too... I believe more in my tests and in the tests of solcroft with real samples than other popular tests...
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In my samples Avast detects 80% and Avira and AVG about 10% :eek:

    I think the Mods should close this thread


    Thanks
     
  23. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Where I live, the school-kids are tested by the gov't for literacy. Each student is tested every 3 years. He must pass to graduate. They are tested in their first year of high school and again in their last. Every time the results for grade 9 are poor, by grade 12 they are much, much better. It's simple. They make the test suited to the results they want, by making the final test easier. So what is my point. If one gets 80% and another gets 10%....change the test. LOL
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Fill in "results they want" for preferred security application and you are spot on the point I am making ;)
     
  25. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I beg to differ. The discussion so far seems to be going well between people who have a clue as to what they're talking about... at least until someone with nothing more than sarcasm decided he wanted to jump into the fray.
     